EWS API, 401 Unauthorized on BindToItems

0
votes

I'm struggling with a simple Task, that gets new E-Mails in specific Folders in Exchange Online, sets "Processed"-Category and then stores the E-Mail.

Firstly, I create App permissions like that:

 var app = ConfidentialClientApplicationBuilder.Create(_appConfig.ClientId)
                                                          .WithAuthority(AzureCloudInstance.AzurePublic,
                                                                         _appConfig.Tenant)
                                                          .WithClientSecret(_appConfig.ClientSecret)
                                                          .Build();
            AuthenticationResult authResultresult = null;
            var ewsScopes = new[] {"https://outlook.office.com/.default"};

        
            authResultresult = await app.AcquireTokenForClient(ewsScopes)
                                                     .ExecuteAsync();

then I create Exchange-Client and use created Oauth-Token to authorize:

var result = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
        result.KeepAlive = false;
        result.DateTimePrecision = DateTimePrecision.Milliseconds;
        result.Url =  new Uri("https://outlook.office365.com/EWS/Exchange.asmx");
        result.UseDefaultCredentials = false;         

        var authResultresult = await CreateAppPermissions(_appConfig);
        result.Credentials = new OAuthCredentials(authResultresult.AccessToken);

after that I impersonate SMTP-User with my mainSMTP account

result.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, _appConfig.SMTPMailAccount);

after that I use this Code to retrieve an Email using known Id, add for it new Category and update the item like this:

   var itemsToStore = result.BindToItems(new []{newItemId}, props);
                foreach (var itemToStore in itemsToStore)
                {                   
                    itemToStore.Item.Categories.Add("Processed");
                
                    itemToStore.Item.Update(ConflictResolutionMode.AlwaysOverwrite, true); 
                }

This code has previously produced “Access is denied. Check credentials and try again., Cannot save changes made to an item to store." - Exception on Item.Update. After a research I have found this :

Office 365 API ErrorAccessDenied (Access is denied. Check credentials and try again.)

and followed the proposed solution by removing "Have full access to a users mailbox"- checkbox flag.

After that I'm getting 401 unauthorized, when I'm calling BindToItems. Was it a step backwards to remove the checkbox?

1
c#oauthexchangewebservicesunauthorized

1 Answers

0
votes

RESOLVED: Found the solution for 401:

since I'm using EWS a.k.a. older API called Exchange Web Services it was a mistake to remove the checkbox.

the reason for “Access is denied. Check credentials and try again., Cannot save changes made to an item to store." was that impersonated user didn't have rights to change someones elses emails